ChoicePoint had earlier data leak

David Colker and Joseph MennTimes Staff Writers

Scammers penetrated ChoicePoint Inc.'s vast online database of personal records five years ago in an operation similar to a more recent case that has triggered a national furor over privacy, court records show.

Two Nigerian-born fraud artists were arrested in Los Angeles in 2002 by federal officials who charged that the pair used ChoicePoint to gain access to confidential information about at least 7,000 people and possibly many more, resulting in at least $1 million in losses.

That security breach, which received no public attention at the time, is similar to the case in which a North Hollywood man, also a Nigerian native, pleaded no contest last month to felony identity theft. He had obtained as many as 145,000 ChoicePoint records by setting up a fake business claiming to have a legitimate need for the information.

The most recent incident came to light because of a new California law that requires credit agencies to notify victims of identity theft.

ChoicePoint executives on Tuesday declined to comment.

Consumer advocates said they were outraged.

ChoicePoint "tried to suggest there really wasn't a problem" after the recent case became public, said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "This makes it clear they had been aware of earlier problems with the wrongful sale of their information to criminals."

Consumers Union attorney Gail Hillebrand, who was attending a state meeting on identity theft convened Tuesday by Gov. Arnold Schwarzenegger, called the earlier case an "illustration that you can't rely on companies with a business incentive to distribute information to restrict that access."

ChoicePoint records, which can include credit reports, addresses and Social Security numbers, are invaluable to identity thieves, who use the information to open fraudulent accounts.

The recent ChoicePoint case came to light because Atlanta-based ChoicePoint was forced to notify 35,000 Californians — in accordance with the law — that their records might have been compromised.

After angry officials nationwide called for wider disclosure, the company sent notifications to an additional 110,000 people. Senate Judiciary Committee Chairman Arlen Specter (R-Pa.) said he would hold hearings on identity theft.

California Sen. Dianne Feinstein (D-Calif.) said Tuesday that the discovery of the previous case gave ammunition to proponents — including her — of a national disclosure law.

"Clearly ChoicePoint had been violated once before," Feinstein said. "In the most recent case, if it weren't for the California law, I don't believe they would have done anything about it."

In both California cases, the people convicted of the crimes were illegal immigrants of Nigerian descent living in the San Fernando Valley. They used multiple fake identities to establish accounts with ChoicePoint, allowing them to comb through database records for personal data. Authorities say they don't know if there is any link between the perpetrators in the two cases.

"I think the people in this area of crime know that ChoicePoint and companies like them are a great resource for theft," said Assistant U.S. Atty. Mark Krause, who prosecuted the earlier case.

Pleading guilty in that case was Bibiana Benson, 39, of Sherman Oaks and her brother, Adedayo Benson, 38, of Encino.

According to court documents, Bibiana Benson admitted to opening a ChoicePoint account in 2000 in the name of Christine Burton and the company C&B Research, showing a real estate broker's license and driver's license for identification.

Both licenses were faked, Krause said. When federal authorities contacted the real Burton, a resident of Indiana, she said she had never opened a ChoicePoint account or heard of C&B Research.

Bibiana Benson obtained personal information — including Social Security numbers and addresses — from the ChoicePoint databases and sold the data for $40 to $65 per name, prosecutors said in court documents.

Her customers for the information, mostly Nigerian immigrants, numbered about 20, including her brother, Krause said. In some cases, the ring would supply a name and she would search for records.

"They would want to see if it was worth taking over the identity, if the person's credit was good enough," Krause said.

In September 2002, Bibiana Benson pleaded guilty to one felony count of unlawful use of identification and was sentenced to 54 months in prison. An appeal of the sentence is pending.

Krause said a Secret Service investigation found that the information she garnered from ChoicePoint resulted in at least $1 million in illegal purchases. Authorities said they did not know whether ChoicePoint notified victims that their records had been compromised.

Adedayo Benson pleaded guilty last November to three felony counts concerning the use and attempted use of fake credit cards. His sentencing is scheduled for Monday. Prosecutors plan to ask for a five-year prison term.

No other arrests have been made in that case, but it remains open, Krause said.

ChoicePoint isn't the only information broker to have been penetrated in recent years.

A Boca Raton, Fla., man was charged last year with obtaining bank, credit card and other data on millions of individuals through ChoicePoint rival AcxiomCorp. of Little Rock, Ark.

Federal prosecutors say Scott Levine, who headed an e-mail marketing company, planned to incorporate the information in his firm's services. But the prosecutors say they have no evidence that Levine or others rang up fraudulent charges.

And in January, New Yorker Philip Cummings was sentenced to 14 years in prison for his part in downloading credit reports on more than 30,000 people over more than two years.

Cummings, a former help-desk employee at a company that makes financial software, worked with more than a dozen partners who obtained new credit cards in the names of their victims and made at least $50 million in fraudulent purchases, authorities said.